The DDoSer discovered our real server IP and was therefore able to attack us directly, circumventing Cloudflare (and the disposable nginx proxies blockchain switched to for a while). The site is running privately, but before it is made publicly accessible again some changes need to be made in order to ensure the same situation doesn't happen again. Approximate ETA 30 minutes - 1 hour.

The site has not been compromised in any way. I think some users are possibly using the same usernames on bitcointalk as aliases to blockchain wallets in combination with weak passwords and using the same password on other bitcoin sites.

As always I recommend to never reuse the same password on any other websites and to use the Chrome/Firefox browser extension (not the verifier).

Piuk, can you comment on the Amazon S3 backup regime for deleted private keys - i.e. if I were to upload a private key and then later on delete it - are old copies of the encrypted wallet file still stored on S3 - and if so, for how long?

In other news... the site has been down pretty much all day though, right? Any news?

Can you confirm that the server will NOT send the encrypted blob until 2FA is successful (assuming it is on, of course)?

Also for clarity can you state how 2 level encryption could have possibly helped this scenario?

Thanks piuk. How do you think thieves are getting wallet URLs? My friend never logged on since it was set up 6 months ago, and didn't use an alias (and has never heard of bitcointalk...). Yet she had 7 coins stolen last week. Lots of similar reports going round.